We recently recorded a webinar with Managing Director of Kingsford Consultancy Services Ltd, Richard Green, to discuss the latest developments in the new ISO health and safety standard.
Below is a transcript of the webinar.
What are the main challenges managing health and safety?
Health and safety tends to get a bad press. Too often it is seen as both an administrative and an operational overhead, something that gets in the way of completing the job quickly, something which can be circumvented when the pressure is really on.
Responsible organisations know this is nonsense, and the HSE has gone to great lengths to publish Myth Busters on its website in an attempt to dispel some of the crazier H&S assertions that surface periodically, but the sad truth remains that the only time the top management of certain organisations take an interest in this subject matter is when there has been an actual H&S incident. Then they tend to get very interested, very quickly.
In its introduction, DIS2 ISO 45001 reminds us of the role top management MUST play if a H&S management system is to be effective. These critical success factors include promoting and developing a H&S culture, their need to consult with workers over H&S matters and ensure worker participation in key H&S decisions, the need for them to provide the necessary resources to run an effective H&S management system, and the need for them to ensure H&S is integrated into business as usual.
At present, I’d suggest we are some way off this being the norm, particularly when we view Health and Safety from an international perspective.
Why a need to move from OHSAS 18001?
OHSAS 18001 was (indeed is) a highly successful standard. Although it’s difficult to capture accurate figures (as it’s not an ISO standard and therefore not included in the ISO annual Certification Body survey), it’s estimated that 93,000 OHSAS 18001 certificates have been issued. That places it third behind ISO 9001 and ISO 14001 respectively.
ISO have long desired to complete the holy trinity. Those with long memories will recall ISO 9001 started out a British Standard BS 5750 and ISO 14001 also started out as a British Standard, BS 7750.
OHSAS 18001 (or BS OHSAS 18001 to give it its proper title), is going the same way for the same reason, to elevate it from what is essentially a national standard, albeit one which has been globally accepted, to a truly international standard, developed with full international consensus.
As OHSAS 18001:2007 was due for an update anyway it seemed logical to take the opportunity to go down the international route, to try to drive H&S improvement on an international basis.
ISO 31000 reminds us that risk is ‘the effect of uncertainty’. It therefore follows that by reducing the effect of uncertainty we will reduce our organisation’s risk exposure. Annex SL based standards, and that includes ISO 45001 of course, set out to do this by requiring organisations to:
- Be clear on what they have to do (legal requirements).
- Be clear on what they chose to do (other requirements).
- Be clear on how they will do it (planning, support in place and operations)
- Be clear that it is being done (performance evaluation)
- Be clear on how to do it better (Improvement)
Why do you think there has been a big divide in the feedback on the ISO DIS 45001?
ISO 45001 was always going to be a problem child. Those developing the standard come from national standards bodies representing different parts of the world, with radically different perspectives on workers’ H&S.
Accepted working practices in some countries are completely unacceptable in others, and the degree to which workers are able to actively participate in, and be consulted on, H&S matters, are similarly divergent.
Now throw into the mix the liaison organisations who at one end of the spectrum are passionate about enshrining worker’s rights at the core of the standard, and who at the other are represent employer’s interests, believing it’s for businesses to decide how and when to involve their workforce in any H&S debate. Finally, add in the complexities of national and international health and safety legislation and perhaps you’ll begin to understand why this standard is taking so long to finalise.
What are some of the key changes and how will they impact the way health and safety is managed in the organisation?
For me the key changes are;
- The adoption of annex SL which should aid integration with other management systems.
- The removal of the role of management representative which is designed to embed H&S responsibility more widely than just that single individual.
- The enhanced role top management HAVE to play in the operation of their H&S management system- there are things they cannot now delegate.
- The requirement to integrate the H&S system into ‘business as usual’
- The extension of worker consultation and participation
- The requirement for the organisation to prevent ‘ill heath’ (including psychological health) as opposed to just injuries
- There’s explicit recognition that injuries and ill health can result not just from immediate impacts but also from long term impacts
- The need to consider H&S opportunities, not just H&S risks
- Major shakeup of terms and definitions. Of the 37 included in ISO 45001 only 3 are identical to those in OHSAS 18001. New definitions include ‘worker’ and ‘workplace’.
How can organisations prepare for ISO 45001?
Start by increasing awareness, if you are responsible for your organisation’s OHSAS 18001 compliant system you need to know about ISO 45001. There’s lot of information circulating on the internet but make sure you look at that coming out of an informed source, someone who is actively involved in the revision process.
Then tell others in your organisation what’s about to happen and how it will impact them. You’ll need to speak to top management about their revised obligations and you’ll want to bring your internal auditors up to speed with the new requirements in order that they can spot issues during the transition process.
Speak to your certification body to see what help they intend to provide you with and note that if you are not happy with your certification body or any support consultants you may employ, now is a good time to change them. You’ll want to be making this journey with people you trust.
Once you are clear as to where you need to get to, then you can start to plan. At this stage, it can only be an outline as ISO 45001 is still work in progress but the bare bones can be put in place and then adjusted when there is more certainty as to the standard’s contents and timing.
Where can people access a copy of the draft?
Both BSI and ISO will happily provide you with a copy of the DIS2 for suitable recompense. BSI are asking £30 for non-members and £24 for members, ISO are charging 58 Swiss francs (which equates to £46.80). Both have online shops offering immediate downloads.
When should people expect ISO 45001 to be released?
Not even members of PC283 know the answer to that one. The official ISO timeline shows the publication of an FDIS in November 2017 and then publication of the full ISO in March 2018. That said, there are a lot of technical comments on DIS2 (1200) and each and every one of these needs to be considered. It’s conceivable that if PC283 cannot process all of these at their meeting in Melaka this month, that they will need to schedule another meeting to complete the task. Personally, I’d see March 2018 as the EARLIEST possible publication date and if I were staking my own money on it I’d probably go for the end of Q2 2018.
What process would you recommend following when transitioning?
View this as a journey. Firstly, you need to understand where you want to get to. That’s the easy bit, compliance with ISO 45001. Now take time to understand what the destination looks like - if you can’t tell Rotherham from Rochdale you won’t be able to tell when you’ve got to where you want to be. So, start by self-education and progress to awareness raising. Make sure you tell everyone where you are taking them and why this is right destination.
Next you need to understand where you are starting from. Each organisation’s departure point will be unique, as the degree to which each organisation embraces OHSAS 18001 will be different. There are organisations already going beyond the basic requirements of the standard whilst others will simply be doing the minimum to comply. The former will be closer to the destination than the latter. Conduct a gap analysis to identify your own personal departure point.
Now we need to plan the journey, making it as smooth as possible and avoiding the potholes along the way. Enshrine your route in a transition plan built on the results of your gap analysis. Periodically re-run the gap analysis to ensure you are still on the correct road and that you are continuing to make progress. Get internal audits and management reviews up and running early so if you do drift off piste you can pick the right route up once more or, if you identify a shortcut, to position you to take it.
Involve your certification body early on. They can help smooth the route.
Treat this as a project, create a project structure to manage the transition, a communications plan to keep stakeholders engaged, a project plan to act as your route plan and risk and issue logs as things will go wrong along the way, and the fallout will need to be managed.
Some organisations have a separate quality and health and safety manager. How can organisations use the Annex SL to make transition faster?
Get the quality & H&S manager talking to each other. Hopefully, given that we have only 12 months of the 9001 and 14001 transition periods remaining, work on transitioning the organisation’s QMS and EMS will be well advanced. At the very least there should be a clear and communicated transition plan in place by now.
That means a lot of lessons will have been learned by the quality and environmental people that can usefully be passed across to the H&S manager. What went well and what didn’t, what were the principal challenges and how were these addressed?
The H&S manager will also benefit from the fact that by now Top Management should have been educated by their quality/environmental heads as to their revised roles in Annex SL based systems, the organisation should have established processes for the determination of Context, for the management of risks and opportunities, the alignment of management system objectives with business objectives and performance evaluation of management systems. The H&S system can be piggy backed off these new ways of working, introduced to satisfy the QMS and EMS standards.
Documenting a health and safety management system is one thing, how can organisations ensure correct processes and procedures are being followed?
This starts with ensuring individuals are clear as to their roles and responsibilities, and are also clear as to how specific tasks are to be performed. These aspects are dealt with under clause 7, Support, which encompasses competence, awareness and communication sub-clauses.
Work is then planned and performed under Clause 8, Operation with H&S performance and the effectiveness of the H&S system overall being checked under clause 9, Performance evaluation, by means of monitoring, measurement, analysis and evaluation.
Internal audit has a key role to play in determining compliance (or otherwise) with agreed practice, as has Management Review.
Worker consultation and participation forums should also be used to identify process deviations, noting that in some instances the deviation may have occurred for good reason. E.g. where following the process would have endangered rather than protected individuals. The standard is clear that where this is the case workers should not be exposed to the threat of dismissal, disciplinary action or other reprisals as a result of their failure to follow the prescribed method.